[exim] exim allowed someone to slam my mail server for 3 hou…

Author: abc
Date:  
To: exim-users
Subject: [exim] exim allowed someone to slam my mail server for 3 hours
What happened here? I thought Exim is supposed to disconnect people if
they cause too many errors in their connection? Why did Exim allow the
one host to make 38,000 requests in 3 hours within just 1 connection?

Here's what I see in my logs:

2005-06-26 07:25:32 SMTP connection from [200.101.127.102] (TCP/IP connection count = 1)
2005-06-26 07:25:34 H=(buzz) [200.101.127.102] F=<dwnj_meka_r_z_w@???> rejected RCPT <madeye@???>: host 200.101.127.102 is listed in brazil.blackholes.us
2005-06-26 07:25:40 H=(buzz) [200.101.127.102] F=<dwnj_meka_r_z_w@???> rejected RCPT <madeye@???>: host 200.101.127.102 is listed in brazil.blackholes.us
2005-06-26 07:25:44 H=(buzz) [200.101.127.102] F=<dwnj_meka_r_z_w@???> rejected RCPT <madeye@???>: host 200.101.127.102 is listed in brazil.blackholes.us
2005-06-26 07:25:46 H=(buzz) [200.101.127.102] F=<dwnj_meka_r_z_w@???> rejected RCPT <madeye@???>: host 200.101.127.102 is listed in brazil.blackholes.us

That message repeats thousands of times for 3 hours, then:
2005-06-26 10:36:28 SMTP syntax error in "SAIR" H=(buzz) [200.101.127.102] unrecognized command
2005-06-26 10:36:29 unexpected disconnection while reading SMTP command from (buzz) [200.101.127.102]

Isn't there a way to disconnect a host if they cause too many errors in
the SMTP dialogue?
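
Added example, not part of the original message and not Exim code: a small Python check that scans an Exim main log for the pattern shown above and reports hosts that rack up more than a chosen number of rejected RCPT commands inside a sliding time window. The function name, the thresholds, and the sample log (documentation addresses and a made-up DNS list name) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Timestamp, then the first bracketed IP address, then "rejected RCPT".
REJECT_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) .*?\[([0-9A-Fa-f.:]+)\].* rejected RCPT ")

# Constructed sample in the same layout as the log lines in the message above.
SAMPLE_LOG = """\
2005-06-26 07:25:32 SMTP connection from [192.0.2.10] (TCP/IP connection count = 1)
2005-06-26 07:25:34 H=(buzz) [192.0.2.10] F=<a@example.invalid> rejected RCPT <u@example.invalid>: host 192.0.2.10 is listed in dnsbl.example
2005-06-26 07:25:40 H=(buzz) [192.0.2.10] F=<a@example.invalid> rejected RCPT <u@example.invalid>: host 192.0.2.10 is listed in dnsbl.example
2005-06-26 07:25:44 H=(buzz) [192.0.2.10] F=<a@example.invalid> rejected RCPT <u@example.invalid>: host 192.0.2.10 is listed in dnsbl.example
2005-06-26 07:25:46 H=(buzz) [192.0.2.10] F=<a@example.invalid> rejected RCPT <u@example.invalid>: host 192.0.2.10 is listed in dnsbl.example
2005-06-26 07:25:50 H=(buzz) [192.0.2.10] F=<a@example.invalid> rejected RCPT <u@example.invalid>: host 192.0.2.10 is listed in dnsbl.example
2005-06-26 07:30:00 H=(mx) [198.51.100.7] F=<b@example.invalid> rejected RCPT <v@example.invalid>: relay not permitted
2005-06-26 07:40:00 H=(mx) [198.51.100.7] F=<b@example.invalid> rejected RCPT <v@example.invalid>: relay not permitted
2005-06-26 10:36:28 SMTP syntax error in "SAIR" H=(buzz) [192.0.2.10] unrecognized command
"""

def rejected_rcpt_bursts(log_text, limit=3, window_seconds=60):
    """Return {host: stats} for hosts with more than `limit` rejected
    RCPTs inside any `window_seconds`-long sliding window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # per-host timestamps still inside the window
    stats = {}
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if not m:
            continue              # connection, syntax-error and other lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        host = m.group(2)
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:  # drop rejections older than the window
            q.popleft()
        s = stats.setdefault(host, {"total": 0, "peak": 0, "first": ts, "last": ts})
        s["total"] += 1
        s["last"] = ts
        s["peak"] = max(s["peak"], len(q))
    return {h: s for h, s in stats.items() if s["peak"] > limit}

if __name__ == "__main__":
    for host, s in rejected_rcpt_bursts(SAMPLE_LOG).items():
        print(host, s["total"], "rejections, peak", s["peak"], "per window,",
              s["first"], "to", s["last"])
```

The host with only occasional rejections stays under the limit and is not reported; tune `limit` and `window_seconds` to what legitimate senders normally produce on your server.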